Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://cloud.google.com/kubernetes-engine/docs/concepts/using-containerd below:

Containerd node images | Google Kubernetes Engine (GKE)

Stay organized with collections Save and categorize content based on your preferences.

This page provides information about node images that use containerd as the container runtime in your Google Kubernetes Engine (GKE) nodes.

The container runtime is software that is responsible for running containers, and abstracts container management for Kubernetes. There are a few different container runtimes.

The containerd runtime is an industry-standard container runtime that's supported by Kubernetes, and used by many other projects. The containerd runtime provides the layering abstraction that allows for the implementation of a rich set of features like gVisor and Image streaming to extend GKE functionality.

The containerd runtime is considered more resource efficient and secure than the Docker runtime.

When you create a new GKE cluster, a new node pool in an existing cluster, or when you upgrade an existing cluster, you can choose to use a containerd node image. GKE Autopilot clusters always use Container-Optimized OS with containerd.

The following table describes the supported containerd node images based on your cluster mode and node pool OS:

If your users access Docker Engine on a node using a privileged Pod, you should update those workloads so that there's no direct reliance on Docker. For example, consider migrating your logging and monitoring extraction process from Docker Engine to GKE system add-ons.

You cannot use containerd to build container images. Linux images with containerd include the Docker binary so that you can use Docker to build and push images. However, we don't recommend using individual containers and local nodes to run commands to build images.

Kubernetes is not aware of system resources used by local processes outside the scope of Kubernetes, and the Kubernetes control plane cannot account for those processes when allocating resources. This can starve your GKE workloads of resources or cause instability on the node.

Consider accomplishing these tasks using other services outside the scope of the individual container, such as Cloud Build, or use a tool such as kaniko to build images as a Kubernetes workload.

If none of these suggestions work for you, and you understand the risks, you can continue using Docker on the local node to build images. You must push the images to a registry before you can use them in a GKE cluster. Kubernetes with containerd is unaware of images locally-built using Docker.

For debugging or troubleshooting on Linux nodes, you can interact with containerd using the portable command-line tool built for Kubernetes container runtimes: crictl. crictl supports common functionalities to view containers and images, read logs, and execute commands in the containers. Refer to the crictl user guide for the complete set of supported features and usage information.

For Windows Server nodes, the containerd daemon runs as a Windows service named containerd.

Logs are available as follows:

• Windows: C:\etc\kubernetes\logs\containerd.log
• Linux: run journalctl -u containerd

You can also view logs for Windows and Linux nodes in Logs Explorer under LOG NAME: "container-runtime".

For troubleshooting and for known issues with workarounds, refer to Troubleshooting the container runtime.

• Learn more about the containerd integration in the Kubernetes 1.11 announcement. For even more information, visit the documentation for containerd and the CRI plugins.
• Review the migration from Dockershim information on kubernetes.io.
• Read about Dockershim deprecation by Kubernetes.
• Learn how you can secure your apps with gVisor on containerd.
• Read about the benefits of using Cloud Build to build images securely and reliably on Google Cloud to replace a custom solution that might require Docker.
• Customize your containerd configuration in GKE nodes.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-12 UTC.

[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-12 UTC."],[],[]]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4